Stored Cross-Site Scripting Vulnerability in Adobe Commerce
CVE-2026-47999

4.8MEDIUM

What is CVE-2026-47999?

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that enables attackers with high privileges to inject harmful scripts into vulnerable form fields. When users interact with these compromised fields, malicious JavaScript can execute in their browsers, potentially leading to unauthorized actions or exposure of sensitive information. This vulnerability underscores the importance of securing web applications to maintain user safety and data integrity.

Affected Version(s)

Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18

Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18

Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.